If you are having trouble connecting to your Business
Intelligence Launchpad through Firefox or Google Chrome and are hitting the
Diffie-Hellman weak ephemeral key message, you will know how confusing and
frustrating it is. The obvious workaround is to use Internet Explorer, as that
particular browser does not currently check for the weak cipher keys that make
the Logjam attack possible.
Some of you will be stuck using a particular
browser due to IT policies, so this could be for you.
To allow Firefox and Chrome to connect once again, a few
changes need to be made to the Tomcat/conf/server.xml file, which will allow you
to specify which ciphers to use when browsers are trying to connect.
In the connector element for SSL (normally port 443), add
the following ciphers attribute:
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
I added it just before the password section, but I believe
you can put it anywhere in the corresponding connector section of the
server.xml file.
Assuming everything is in the right place, you can go ahead
and restart Tomcat. When it's back up, you will be able to log in using Firefox and
Google Chrome.
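As an added example (not part of the original post), this Python check reads a server.xml and reports, for each SSL connector, whether a ciphers attribute is present and whether it still lists any finite-field DHE suites, the key exchange the weak ephemeral key message refers to. The sample XML, its ports and its keystore values are constructed for illustration, and treating a connector as SSL when it has SSLEnabled="true" or scheme="https" is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (not from the original post).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
               keystoreFile="conf/keystore.jks" keystorePass="changeit"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="9443" scheme="https" secure="true"/>
  </Service>
</Server>
"""

def is_ffdhe(suite):
    """True for suites using ephemeral finite-field DH (ECDHE does not match)."""
    return suite.startswith(("TLS_DHE_", "SSL_DHE_"))

def is_ssl_connector(conn):
    """Assumption: SSLEnabled="true" or scheme="https" marks an SSL connector."""
    return (conn.get("SSLEnabled", "").lower() == "true"
            or conn.get("scheme", "").lower() == "https")

def audit_connectors(xml_text):
    """Return {port: finding} for every SSL <Connector> in the given server.xml text."""
    findings = {}
    for conn in ET.fromstring(xml_text.strip()).iter("Connector"):
        if not is_ssl_connector(conn):
            continue
        port = conn.get("port")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # Nothing restricts the list, so the container's default suites are offered.
            findings[port] = "no ciphers attribute: default cipher list in use"
            continue
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        dhe = [s for s in suites if is_ffdhe(s)]
        findings[port] = "DHE suites listed: " + ", ".join(dhe) if dhe else "ok"
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "->", finding)
```

To check a real installation, pass the contents of Tomcat/conf/server.xml to audit_connectors() instead of the sample string.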
There are other methods which involve downloading the Java
Unlimited Strength files, but these need a little bit of extra configuration and
we personally could not get them working. If you can get them working, they will
allow you to use 256-bit encryption and not restrict you to RSA.
Written by Luke Johnson, BI Support Technician, DSCallards